cron - validate filename portion of cron_file param (#19185)

* Validated filename from `cron_file` param, updated docs Fixes ansible/ansible-modules-core#4795, moved from ansible/ansible-modules-core#5361 * Broke long warning message over multiple lines See: https://github.com/ansible/ansible/pull/19185#issuecomment-302961152
2017-07-21 14:51:34 -07:00 · 2017-07-21 14:51:34 -07:00 · e8a396be16
commit e8a396be16
parent dac519135d
1 changed files with 10 additions and 0 deletions
--- a/lib/ansible/modules/system/cron.py
+++ b/lib/ansible/modules/system/cron.py
@ -84,6 +84,8 @@ options:
      - If specified, uses this file instead of an individual user's crontab.
        If this is a relative path, it is interpreted with respect to
        /etc/cron.d. (If it is absolute, it will typically be /etc/crontab).
+        Many linux distros expect (and some require) the filename portion to consist solely
+        of upper- and lower-case letters, digits, underscores, and hyphens.
        To use the C(cron_file) parameter you must specify the C(user) as well.
    required: false
    default: null
@ -631,6 +633,13 @@ def main():

    changed      = False
    res_args     = dict()
+    warnings     = list()
+
+    if cron_file:
+        cron_file_basename = os.path.basename(cron_file)
+        if not re.search(r'^[A-Z0-9_-]+$', cron_file_basename, re.I):
+            warnings.append('Filename portion of cron_file ("%s") should consist' % cron_file_basename
+            + ' solely of upper- and lower-case letters, digits, underscores, and hyphens')

    # Ensure all files generated are only writable by the owning user.  Primarily relevant for the cron_file option.
    os.umask(int('022', 8))
@ -736,6 +745,7 @@ def main():
    res_args = dict(
        jobs = crontab.get_jobnames(),
        envs = crontab.get_envnames(),
+        warnings = warnings,
        changed = changed
    )